Is WEP still a thing?

up vote
15
down vote

favorite
3












I was studying the Wi-Fi security section for a pentesting certification the other day and there is an extensive part about cracking WEP. Is going in-depth on WEP cracking worth it anymore?



According to this statistic: https://wigle.net/stats# about 7% of Wi-Fi networks still use WEP for encryption today. It's not a lot, but at the same time it is a lot considering that WEP was deprecated in 2004.



Thoughts?







      edited Aug 6 at 16:29

      asked Aug 6 at 16:17

      Tudor

          3 Answers

          up vote
          27
          down vote



          accepted










          Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.



          That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.



          In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.



          But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user-collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).



          So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.



          In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:



          All Entries
          -------------------
          464,429,878 (Total)
          31,800,699 (WEP)
          ---WEP: 6.85%---

          Updated since 2014
          -------------------
          343,970,477 (Total)
          8,550,789 (WEP)
          ---WEP: 2.49%---

          Updated since 2016
          -------------------
          233,996,263 (Total)
          4,374,629 (WEP)
          ---WEP: 1.87%---

          Updated since 2017
          -------------------
          158,548,717 (Total)
          2,707,548 (WEP)
          ---WEP: 1.71%---


          As you can see, while WEP is still certainly present, the real-world statistics of WEP being in the wild are much lower than the 6-7% number to which you were referring.






          answered Aug 6 at 19:46

          YLearn

          • 1




            old wii consoles can only connect to WEP security routers
            – Tschallacka
            2 days ago










          • @Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
            – YLearn
            2 days ago






          • 4




            I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
            – Joshua
            2 days ago










          • @Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
            – Deduplicator
            2 days ago










          • Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
            – Azteca
            yesterday
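
The staleness argument in the accepted answer, as an added example (not part of the original answer and not WiGLE's code): it splits the answer's cumulative "updated since" counts into disjoint age bands, and applies the same cutoff filter to a small constructed survey log. The record layout, the sample log and the function names are assumptions made for this example.

```python
from datetime import date

# Cumulative counts quoted in the answer above: (cutoff year, total, WEP).
# A cutoff of None means "all entries".
ANSWER_FIGURES = [
    (None, 464_429_878, 31_800_699),
    (2014, 343_970_477, 8_550_789),
    (2016, 233_996_263, 4_374_629),
    (2017, 158_548_717, 2_707_548),
]

# Constructed survey log (not WiGLE data): (bssid, encryption, last_seen).
# The record layout is an assumption made for this example.
SAMPLE_LOG = [
    ("02:00:00:00:00:01", "WEP", date(2009, 5, 1)),
    ("02:00:00:00:00:02", "WEP", date(2011, 8, 9)),
    ("02:00:00:00:00:02", "WPA2", date(2017, 2, 3)),  # same AP seen again after an upgrade
    ("02:00:00:00:00:03", "WPA2", date(2016, 1, 20)),
    ("02:00:00:00:00:04", "WEP", date(2017, 6, 30)),
    ("02:00:00:00:00:05", "WPA2", date(2018, 3, 2)),
    ("02:00:00:00:00:06", "WPA", date(2012, 11, 11)),
    ("02:00:00:00:00:07", "WPA2", date(2017, 9, 9)),
]


def percent(part, whole):
    """Percentage rounded to two places; 0.0 for an empty denominator."""
    return round(100 * part / whole, 2) if whole else 0.0


def age_bands(cumulative):
    """Turn cumulative 'updated since X' counts into disjoint bands.

    Each band holds the entries last updated at or after its own cutoff but
    before the next one, so stale and fresh entries are no longer mixed.
    Returns a list of (label, total, wep, wep_percent).
    """
    bands = []
    for i, (cutoff, total, wep) in enumerate(cumulative):
        start = "oldest" if cutoff is None else str(cutoff)
        if i + 1 < len(cumulative):
            next_cutoff, next_total, next_wep = cumulative[i + 1]
            if next_total > total or next_wep > wep:
                raise ValueError("counts must not grow with a later cutoff")
            total, wep = total - next_total, wep - next_wep
            label = f"{start} to before {next_cutoff}"
        else:
            label = f"{start} onward"
        bands.append((label, total, wep, percent(wep, total)))
    return bands


def wep_share(records, updated_since=None):
    """WEP share among networks whose latest observation is on or after
    `updated_since` (a date); None keeps every network.

    Only the most recent observation per BSSID counts, so an AP that was
    upgraded and seen again is not still counted as WEP.
    Returns (wep_count, total, wep_percent).
    """
    latest = {}
    for bssid, encryption, seen in records:
        if bssid not in latest or seen > latest[bssid][1]:
            latest[bssid] = (encryption, seen)
    kept = [enc for enc, seen in latest.values()
            if updated_since is None or seen >= updated_since]
    wep = sum(1 for enc in kept if enc == "WEP")
    return wep, len(kept), percent(wep, len(kept))


if __name__ == "__main__":
    for label, total, wep, pct in age_bands(ANSWER_FIGURES):
        print(f"{label:22} total={total:>11,} wep={wep:>10,} ({pct}%)")
    for cutoff in (None, date(2016, 1, 1)):
        print(cutoff, wep_share(SAMPLE_LOG, cutoff))
```

On the answer's figures, entries last updated before 2014 come out at about 19.3% WEP and account for roughly 73% of all WEP entries, against 1.71% for entries updated since 2017.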

















          up vote
          3
          down vote













          I have been studying WEP as a project in school (great examples of what one should not do in crypto!).
          When I took a look at usage stats, it was 8% (if you think about the 45% back in 2010). Even if it seems low, I think it took way too long and I still see some Wi-Fi set to WEP (in France).

          In my opinion, it shouldn't be an option anymore, even for backward compatibility. It took way too long to deprecate it, given the fact the first automated attack was published in 2001.






          • 5




            Network-level protocols take a long time to deprecate because hardware moves slowly. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and users don't care that much about security until they're hit by a high-impact event.
            – nbering
            Aug 6 at 18:18







          • 1




            @nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
            – YLearn
            Aug 7 at 0:49

















          up vote
          3
          down vote













          WEP has been broken for a long time, but upgrading from WEP to WPA2 implies delivering new hardware for each access point, client device, repeater, etc. It's a huge investment to make at once, so compatible devices are available (actually they're still being made; every smartphone I know is capable of connecting to WEP networks), and that's a cycle: there is no need to migrate from WEP to WPA2 right now because compatible devices exist, and there is no need to change all the devices because compatibility is still there.

          Given that, while the impact of exploiting WEP may be high and the attack is pretty simple and known, the likelihood of the attack is not as high as it seems. An attacker needs to be physically in the same place as the vulnerable AP and close enough to actually be able to send packets in a reliable way. And sadly this kind of risk tends to be ignored.






          share|improve this answer





















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "162"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            noCode: true, onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );








             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f191060%2fis-wep-still-a-thing%23new-answer', 'question_page');

            );

            Post as a guest






























            3 Answers
            3






            active

            oldest

            votes








            3 Answers
            3






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            27
            down vote



            accepted










            Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.



            That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.



            In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.



            But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).



            So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.



            In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:



            All Entries
            -------------------
            464,429,878 (Total)
            31,800,699 (WEP)
            ---WEP: 6.85%---

            Updated since 2014
            -------------------
            343,970,477 (Total)
            8,550,789 (WEP)
            ---WEP: 2.49%---

            Updated since 2016
            -------------------
            233,996,263 (Total)
            4,374,629 (WEP)
            ---WEP: 1.87%---

            Updated since 2017
            -------------------
            158,548,717 (Total)
            2,707,548 (WEP)
            ---WEP: 1.71%---


            As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.






            share|improve this answer

















            • 1




              old wii consoles can only connect to WEP security routers
              – Tschallacka
              2 days ago










            • @Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
              – YLearn
              2 days ago






            • 4




              I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
              – Joshua
              2 days ago










            • @Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
              – Deduplicator
              2 days ago










            • Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
              – Azteca
              yesterday














            up vote
            27
            down vote



            accepted










            Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.



            That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.



            In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.



            But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).



            So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.



            In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:



            All Entries
            -------------------
            464,429,878 (Total)
            31,800,699 (WEP)
            ---WEP: 6.85%---

            Updated since 2014
            -------------------
            343,970,477 (Total)
            8,550,789 (WEP)
            ---WEP: 2.49%---

            Updated since 2016
            -------------------
            233,996,263 (Total)
            4,374,629 (WEP)
            ---WEP: 1.87%---

            Updated since 2017
            -------------------
            158,548,717 (Total)
            2,707,548 (WEP)
            ---WEP: 1.71%---


            As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.






            share|improve this answer

















            • 1




              old wii consoles can only connect to WEP security routers
              – Tschallacka
              2 days ago










            • @Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
              – YLearn
              2 days ago






            • 4




              I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
              – Joshua
              2 days ago










            • @Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
              – Deduplicator
              2 days ago










            • Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
              – Azteca
              yesterday












            up vote
            27
            down vote



            accepted







            up vote
            27
            down vote



            accepted






            Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.



            That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.



            In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.



            But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).



            So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.



            In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:



            All Entries
            -------------------
            464,429,878 (Total)
            31,800,699 (WEP)
            ---WEP: 6.85%---

            Updated since 2014
            -------------------
            343,970,477 (Total)
            8,550,789 (WEP)
            ---WEP: 2.49%---

            Updated since 2016
            -------------------
            233,996,263 (Total)
            4,374,629 (WEP)
            ---WEP: 1.87%---

            Updated since 2017
            -------------------
            158,548,717 (Total)
            2,707,548 (WEP)
            ---WEP: 1.71%---


            As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.






            share|improve this answer













            Unfortunately, WEP is still present in the world. There are legacy systems and devices in certain environments that can only do WEP, plus a number of networks that have no one interested and/or knowledgeable enough to update. Like many advances in technology, phasing out the older technology takes time. Look at IPv4 vs. IPv6 after 20ish years and tell me which is still predominant.



            That being said, WEP is no longer viable in modern 802.11 networking. Not only is WEP not viable in modern 802.11 networking, neither is TKIP (was initially used as part of WPA certification). Since the release of the 802.11n amendment to the standard, the use of either requires that devices disable the use of HT or VHT data rates.



            In other words, the use of WEP or TKIP causes a modern 802.11 network (i.e. 802.11n or newer) to function little better than an 802.11a/g network. While you do pick up some of the advantages of newer standards, the performance (which is the typical driving force for people to upgrade) is negated.



            But all that aside, I have to point out that Wigle's stats are a bit "flawed" unless you actually understand what it is you are really viewing. Wigle is a large, user collected database of information. However, as far as I know, they do not age out old data for a number of reasons (for instance, just because someone hasn't recorded updated information on a network doesn't mean it isn't still present).



            So what you have is a large number of networks present in their data that are not present in the real world. If you check many of the WEP entries, they will not have been updated in 5 or more years. Many of these are likely gone or replaced.



            In the graph on the Wigle statistics page, the shown decline of WEP is largely due to new networks being added to the database that are not using WEP, rather than WEP networks being removed from the database. Pulling from the Wigle.net API, these stats may present a more accurate picture of the decline of WEP:



            All Entries
            -------------------
            464,429,878 (Total)
            31,800,699 (WEP)
            ---WEP: 6.85%---

            Updated since 2014
            -------------------
            343,970,477 (Total)
            8,550,789 (WEP)
            ---WEP: 2.49%---

            Updated since 2016
            -------------------
            233,996,263 (Total)
            4,374,629 (WEP)
            ---WEP: 1.87%---

            Updated since 2017
            -------------------
            158,548,717 (Total)
            2,707,548 (WEP)
            ---WEP: 1.71%---


            As you can see, while WEP is still certainly present, the real world statistics of WEP being in the wild is much lower than the 6-7% number to which you were referring.







            share|improve this answer













            share|improve this answer



            share|improve this answer











            answered Aug 6 at 19:46









            YLearn

            2,66711022




            2,66711022







            • 1




              old wii consoles can only connect to WEP security routers
              – Tschallacka
              2 days ago










            • @Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
              – YLearn
              2 days ago






            • 4




              I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
              – Joshua
              2 days ago










            • @Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
              – Deduplicator
              2 days ago










            • Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
              – Azteca
              yesterday












            • 1




              old wii consoles can only connect to WEP security routers
              – Tschallacka
              2 days ago










            • @Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
              – YLearn
              2 days ago






            • 4




              I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
              – Joshua
              2 days ago










            • @Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
              – Deduplicator
              2 days ago










            • Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
              – Azteca
              yesterday







            1




            1




            old wii consoles can only connect to WEP security routers
            – Tschallacka
            2 days ago




            old wii consoles can only connect to WEP security routers
            – Tschallacka
            2 days ago












            @Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
            – YLearn
            2 days ago




            @Tschallacka, I have a US first gen Wii that connects just fine to WPA or WPA2-AES with a PSK. Only issue I am aware of with early Wii consoles is that they need the low data rates enabled (1 and/or 2 Mbps) or they will not be able to connect, even though they are 802.11g devices. Even if there are some models that only support WEP, many users of Nintendo consoles replaced their Wii with a Wii U, as it can still run most of the Wii games (clear exceptions would be games with accessories that utilized the GameCube ports).
            – YLearn
            2 days ago




            4




            4




            I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
            – Joshua
            2 days ago




            I saw a recent discussion about presenting WEP as unsecured and connecting to it without ever prompting because it could be cracked faster than the password keyed in.
            – Joshua
            2 days ago












            @Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
            – Deduplicator
            2 days ago




            @Joshua Now that's a nice idea, and it might even persuade some more people to see it be completely ignored.
            – Deduplicator
            2 days ago












            Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
            – Azteca
            yesterday




            Once I worked at a retailer of portable handheld scanners, and some models only work with WEP.
            – Azteca
            yesterday












            up vote
            3
            down vote













            I have been studying WEP as a project in school (a great example of what one should not do in crypto!).
            When I took a look at usage stats, it was 8% (if you think about the 45% back in 2010). Even if it seems low, I think it took way too long and I still see some Wi-Fi set to WEP (in France).

            In my opinion, it shouldn't be an option anymore, even for backward compatibility. It took way too long to deprecate it, given the fact the first automated attack was published in 2001.

















            answered Aug 6 at 17:27









            Faulst

            1392











            • 5




              Network-level protocols take a long time to deprecate because hardware moves slowly. It takes a long time to move through the lifecycle of physical network devices - especially consumer hardware. Some businesses still use PPTP for VPN, and that's been broken for ages as well. Protocols don't suddenly stop working when the security is broken, and users don't care that much about security until they're hit by a high-impact event.
              – nbering
              Aug 6 at 18:18







            • 1




              @nbering, consumer hardware in many cases changes faster than business hardware. People tend to like buying the best/latest/fastest product on the market. I find industrial/environmental/systems control types of machines/hardware/tools tend to be more locked into time. If a business pays X million for that machine (series) or control system, they aren't likely to rip it out and replace it because it only supports WEP. They are more likely to support WEP for the next 20 years until the manufacturing line is next replaced.
              – YLearn
              Aug 7 at 0:49






















            up vote
            3
            down vote













            WEP has been broken for a long time, but upgrading from WEP to WPA2 implies delivering new hardware for each access point, client device, repeater, etc. It's a huge investment to make at once, so compatible devices are available (actually, they're still being made; every smartphone I know is capable of connecting to WEP networks), and that's a cycle: there is no need to migrate from WEP to WPA2 right now because compatible devices exist, and there is no need to change all the devices because compatibility is still there.

            Given that, while the impact of exploiting WEP may be high and the attack is pretty simple and known, the likelihood of the attack is not as high as it seems. An attacker needs to be physically in the same place as the vulnerable AP and close enough to actually be able to send packets in a reliable way. And sadly this kind of risk tends to be ignored.

















                answered Aug 6 at 20:49









                Mr. E

                1,545416



